CVE-2022-4149 – Local privilege escalation using log file
https://notcve.org/view.php?id=CVE-2022-4149
Whenever the Netskope client service restarts, it deletes the logplaceholder file and recreates it, creating a race condition that a malicious local user can exploit to create the file and set ACL permissions on it. • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-2270 – Local privilege escalation
https://notcve.org/view.php?id=CVE-2023-2270
This relative path provided a way for local users to write arbitrary files to a location that is accessible only to higher-privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine. • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-21121
https://notcve.org/view.php?id=CVE-2023-21121
This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-06-01 • CWE-20: Improper Input Validation
CVE-2023-21122
https://notcve.org/view.php?id=CVE-2023-21122
This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-06-01 • CWE-862: Missing Authorization
CVE-2023-21128
https://notcve.org/view.php?id=CVE-2023-21128
This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-06-01